On Sat, Oct 19, 2024 at 12:24 AM Stefan Berger <[email protected]> wrote:
>
> Run swtpm_setup with the --profile-name option if the user provided the
> name of a profile. swtpm_setup will try to load the profile from
> directories with local profiles and distro profiles and if no profile
> by this name with appended '.json' suffix could be found there, it will
> fall back to try to use an internal profile with the given name.
>
> Also set the --profile-remove-disabled option if the user provided a value
> in the remove_disabled attribute in the profile XML node.
>
> Signed-off-by: Stefan Berger <[email protected]>

Reviewed-by: Marc-André Lureau <[email protected]>

> ---
>  src/qemu/qemu_tpm.c | 37 +++++++++++++++++++++++++++++++++++++
>  1 file changed, 37 insertions(+)
>
> diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
> index 506743c268..f49276d9be 100644
> --- a/src/qemu/qemu_tpm.c
> +++ b/src/qemu/qemu_tpm.c
> @@ -340,6 +340,41 @@ qemuTPMVirCommandAddEncryption(virCommand *cmd,
>  }
>
>
> +/*
> + * Add a (optional) profile to the swtpm_setup command line.
> + *
> + * @cmd: virCommand to add options to
> + * @emulator: emulator parameters
> + *
> + * Returns 0 on success, -1 on failure.
> + */
> +static int
> +qemuTPMVirCommandAddProfile(virCommand *cmd,
> +                            const virDomainTPMEmulatorDef *emulator)
> +{
> +    if (!emulator->profile_name)
> +        return 0;
> +
> +    if (!virTPMSwtpmSetupCapsGet(
> +            VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE)) {
> +        virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s",
> +                       _("swtpm_setup has no support for profiles"));
> +        return -1;
> +    }
> +
> +    virCommandAddArgList(cmd,
> +                         "--profile-name", emulator->profile_name,
> +                         NULL);
> +
> +    if (emulator->profile_remove_disabled)
> +        virCommandAddArgList(cmd,
> +                             "--profile-remove-disable",
> +                             emulator->profile_remove_disabled,
> +                             NULL);
> +    return 0;
> +}
> +
> +
>  /*
>   * qemuTPMEmulatorRunSetup
>   *
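Review bot: The second option is passed as `"--profile-remove-disable"`, while the commit message names it `--profile-remove-disabled`. Unless swtpm_setup happens to accept the shortened spelling through option-prefix matching (not visible here), the remove_disabled setting would be rejected or silently not applied, so the literal should read `"--profile-remove-disabled",`. Separately, `emulator->profile_name` is handed to swtpm_setup unchanged and, per the description, is used there to look up a file with a `.json` suffix in the profile directories. No check on the name is visible in this hunk, so it is worth confirming that the XML parser restricts it (for example, no path separators) before it reaches this function. The multi-line body of `if (emulator->profile_remove_disabled)` would also read better with braces.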
> @@ -414,6 +449,8 @@ qemuTPMEmulatorRunSetup(const virDomainTPMEmulatorDef 
> *emulator,
>                               "--lock-nvram",
>                               "--not-overwrite",
>                               NULL);
> +        if (qemuTPMVirCommandAddProfile(cmd, emulator) < 0)
> +            return -1;
>      } else {
>          virCommandAddArgList(cmd,
>                               "--tpm-state", emulator->storagepath,
> --
> 2.47.0
>
